Another big security flaw found in iOS 7.1

Providing users who aren’t overly concerned with privacy with an option to forgo certain protections in favor of convenience is a good thing. Enabling those less secure conveniences by default, however, is not a good thing.

As noted in a recent post on NBC, Egyptian programmer Sherif Hashim has discovered a flaw that allows anyone and everyone to access a user’s contact list even when his or her iPhone is locked. The issue is confirmed to be present even in Apple’s latest iOS 7.1.1 software.

Hashim posted a video to illustrate the flaw. In it, he shows that the device is locked and then attempts unsuccessfully to access the handset’s contact list using Siri. After canceling his initial command, he speaks a different command — “Call” — to initiate a voice call while the handset is locked. Siri then asks, “With whom would you like to speak?” and presents Hashim with the phone’s full contact list even though the device is still locked.

The report notes that no other features on the phone are accessible using this method.

If you would like to stop your phone from making your entire contact list available to anyone with a voice, go to Settings > Passcode and disable Siri under the “Allow access when locked” heading.